IETF Logo Mail Archive

RFC 5723 on Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption

rfc-editor@rfc-editor.org Fri, 08 January 2010 00:55 UTC

Return-Path: <rfc-editor@rfc-editor.org>
X-Original-To: ietf-announce@core3.amsl.com
Delivered-To: ietf-announce@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id E4B8A3A690D; Thu, 7 Jan 2010 16:55:05 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -17.262
X-Spam-Level:
X-Spam-Status: No, score=-17.262 tagged_above=-999 required=5 tests=[AWL=-0.262, BAYES_00=-2.599, J_CHICKENPOX_93=0.6, USER_IN_DEF_WHITELIST=-15]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id SZ1q5sM+sPOt; Thu, 7 Jan 2010 16:55:04 -0800 (PST)
Received: from bosco.isi.edu (bosco.isi.edu [128.9.168.207]) by core3.amsl.com (Postfix) with ESMTP id E0DF53A6914; Thu, 7 Jan 2010 16:55:04 -0800 (PST)
Received: by bosco.isi.edu (Postfix, from userid 70) id 883AF39B48D; Thu, 7 Jan 2010 16:52:40 -0800 (PST)
To: ietf-announce@ietf.org, rfc-dist@rfc-editor.org
Subject: RFC 5723 on Internet Key Exchange Protocol Version 2 (IKEv2) Session Resumption
From: rfc-editor@rfc-editor.org
Message-Id: <20100108005240.883AF39B48D@bosco.isi.edu>
Date: Thu, 07 Jan 2010 16:52:40 -0800
Cc: ipsec@ietf.org, rfc-editor@rfc-editor.org
X-BeenThere: ietf-announce@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "IETF announcement list. No discussions." <ietf-announce.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf-announce>
List-Post: <mailto:ietf-announce@ietf.org>
List-Help: <mailto:ietf-announce-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-announce>, <mailto:ietf-announce-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 08 Jan 2010 00:55:06 -0000

A new Request for Comments is now available in online RFC libraries.

        
        RFC 5723

        Title:      Internet Key Exchange Protocol Version 
                    2 (IKEv2) Session Resumption 
        Author:     Y. Sheffer, H. Tschofenig
        Status:     Standards Track
        Date:       January 2010
        Mailbox:    yaronf@checkpoint.com, 
                    Hannes.Tschofenig@gmx.net
        Pages:      26
        Characters: 59201
        Updates/Obsoletes/SeeAlso:   None

        I-D Tag:    draft-ietf-ipsecme-ikev2-resumption-09.txt

        URL:        http://www.rfc-editor.org/rfc/rfc5723.txt

The Internet Key Exchange version 2 (IKEv2) protocol has a certain
computational and communication overhead with respect to the number
of round trips required and the cryptographic operations involved.
In remote access situations, the Extensible Authentication Protocol
(EAP) is used for authentication, which adds several more round trips
and consequently latency.

To re-establish security associations (SAs) upon a failure recovery
condition is time consuming especially when an IPsec peer (such as a
VPN gateway) needs to re-establish a large number of SAs with various
endpoints.  A high number of concurrent sessions might cause
additional problems for an IPsec peer during SA re-establishment.

In order to avoid the need to re-run the key exchange protocol from
scratch, it would be useful to provide an efficient way to resume an
IKE/IPsec session.  This document proposes an extension to IKEv2 that
allows a client to re-establish an IKE SA with a gateway in a highly
efficient manner, utilizing a previously established IKE SA.

A client can reconnect to a gateway from which it was disconnected.
The proposed approach encodes partial IKE state into an opaque ticket,
which can be stored on the client or in a centralized store, and is
later made available to the IKEv2 responder for re-authentication.  We
use the term ticket to refer to the opaque data that is created by the
IKEv2 responder.  This document does not specify the format of the
ticket but examples are provided.  [STANDARDS TRACK]

This document is a product of the IP Security Maintenance and Extensions Working Group of the IETF.

This is now a Proposed Standard Protocol.

STANDARDS TRACK: This document specifies an Internet standards track
protocol for the Internet community,and requests discussion and suggestions
for improvements.  Please refer to the current edition of the Internet
Official Protocol Standards (STD 1) for the standardization state and
status of this protocol.  Distribution of this memo is unlimited.

This announcement is sent to the IETF-Announce and rfc-dist lists.
To subscribe or unsubscribe, see
  http://www.ietf.org/mailman/listinfo/ietf-announce
  http://mailman.rfc-editor.org/mailman/listinfo/rfc-dist

For searching the RFC series, see http://www.rfc-editor.org/rfcsearch.html.
For downloading RFCs, see http://www.rfc-editor.org/rfc.html.

Requests for special distribution should be addressed to either the
author of the RFC in question, or to rfc-editor@rfc-editor.org.  Unless
specifically noted otherwise on the RFC itself, all RFCs are for
unlimited distribution.


The RFC Editor Team
Association Management Solutions, LLC

v2.23.0 | Report a Bug | By Email